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REMARKS 

Claims 1-10 and 12-19 are pending. 
Claim 1 1 has been cancelled. 
Claims 20 and 21 have been added. 

In the Office Action mailed July 9, 2009, claims 1-11 were rejected under 35 
U.S.C. § 103(a) as unpatentable over Buteau (U.S. Patent No. 6,442,557) in view of 
Ruffin (U.S. Patent No. 6,249,769) in view of Baudoin (U.S. Patent No. 7,290,275) and 
further in view of McKenna (U.S. Patent Publication No. 2004/0010772); and claims 12- 
19 were rejected under 35 U.S.C. § 103(a) as unpatentable over Buteau in view of 
Baudoin and further in view of McKenna. 

Each of independent claims 1 and 12 has been amended to further define "current 
security architecture" and "future security architecture." Specifically, claim 1 now 
recites that each of the current security architecture and future security architecture 
includes a corresponding set of a security objective and a mix of security measures. 
Support for this amendment can be found at least in the following passage of the 
specification: page 12, lines 1-10. 

It is respectfully submitted that claim 1 is non-obvious over the asserted 
combination of Buteau, Ruffin, Baudoin, and McKenna. 

To make a determination under 35 U.S.C. § 103, several basic factual inquiries 
must be performed, including determining the scope and content of the prior art, and 
ascertaining the differences between the prior art and the claims at issue. Graham v. John 
Deere Co., 383 U.S. 1, 17, 148 U.S.P.Q. 459 (1965). Moreover, as held by the U.S. 
Supreme Court, it is important to identify a reason that would have prompted a person of 
ordinary skill in the art to combine reference teachings in the manner that the claimed 
invention does. KSR International Co. v. Teleflex, Inc., 127 S. Ct. 1727, 1741, 82 
U.S.P.Q.2d 1385 (2007). 

The Office Action conceded that Buteau (the primary reference relied upon) does 

not disclose the following elements of claim 1: 

• determining, by the computer, information technology requirements for the 
business in response to the existing information technology and the relationship 
among the manageable entities; and 
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• generating, by the computer, a plan for implementation and deployment of future 
information technology among the manageable entities based on the determined 
information technology requirements for display by the computer within the 
graphical representation of the overall architecture, the plan including a future 
security architecture based on the future information technology and a transition 
between a current security architecture and the future security architecture, 
wherein each of the current security architecture and future security architecture 
includes a corresponding set of a security objective and a mix of security 
measures. 07/09/2009 Office Action at 6. 

Instead, the Office Action relied upon the following references as purportedly 
disclosing the claimed features missing from Buteau: Ruffin, Baudoin, and McKenna. 
Id. at 6-7. 

Buteau describes a database program that is able to allow users to input and 
search for how architecture changes to the enterprise affects an enterprise architecture. 
Buteau, 2:63-65. However, Buteau provides absolutely no hint whatsoever of generating 
a plan for implementation and deployment of future information technology among 
manageable entities of a business based on determined information technology 
requirements, where the plan includes a future security architecture based on the future 
information technology and a transition between a current security architecture and a 
future security architecture, where each of the current security architecture and future 
security architecture includes a corresponding set of a security objective and a mix of 
security measures. 

Although Ruffin describes generating a formal solution proposal based on 
evaluating an information technology environment and requirements of a business entity 
(Ruffin, Abstract), Ruffin does not provide any hint that the formal solution proposal 
would include a plan that includes a future security architecture based on the future 
information technology and a transition between a current security architecture and the 
future security architecture, as defined by claim 1. Although Ruffin notes that its 
techniques can be applied to plant security {id., 3:16), there is no hint that the techniques 
of Ruffin would produce a plan as defined by claim 1 . 

Recognizing the deficiencies of Buteau and Ruffin, the Office Action cited the 
teachings of Baudoin and McKenna. Specifically, the Office Action cited the Abstract 
and Fig. 4 of Baudoin, and the following passages of McKenna: fj[ [0082]-[0084]. The 
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Abstract of Baudoin notes that an information security policy and practice of an 
organization are assessed, which includes determining a risk associated with the 
information security policy and practice. The Abstract of Baudoin also notes that a rating 
is generated using a security maturity assessment matrix. The Abstract of Baudoin also 
notes that a list of corrective actions is generated using the rating. The list of corrective 
actions is executed to create a new security information policy and practice. 

Determining a risk and rating based on a security maturity assessment matrix, as 
taught by Baudoin, is different from generating a plan for implementation and 
deployment of future information technology among the manageable entities based on the 
determined information technology requirements, where the plan includes a future 
security architecture based on the future information technology and a transition between 
a current security architecture and the future security architecture, where each of the 
current security architecture and future security architecture includes a corresponding set 
of a security objective and a mix of security measures. 

Paragraphs [0082] -[0084] of McKenna describe establishing an organization plan 
for managing resources for a project. Note that the project discussed by McKenna is a 
project for developing and implementing new computer software applications through a 
series of distinct stages. McKenna, Abstract. In McKenna, a user process narrative sign- 
off, an application set of configurations sign-off, a design securities profiles sign-off, and 
a design acceptance certificate are each provided to ensure that adequate and accurate 
information regarding the design of the software being developed are provided prior to 
review. These teachings of McKenna have nothing to do with generating a plan that 
includes a future security architecture based on the future infoimation technology and a 
transition between a current security architecture and the future security architecture, 
where each of the current security architecture and future security architecture includes a 
corresponding set of a security objective and a mix of security measures. 

Paragraph [0084] of McKenna states that various associated sign-offs are 
provided to support the development of the enterprise architecture, including a design of 
a security architecture sign-off a design application functional architecture sign-off, a 
developed system capacity plan sign-off, and assess performance risks sign-off, and a 
design system management sign-off, which are provided to ensure that proper 
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development and documentation of each of the items has been performed prior to 
approval. Again, except for the common use of the term "security," McKenna in <j[ 
[0084] provides absolutely no hint of the plan that includes a future security architecture 
based on the future information technology and a transition between a current security 
architecture and the future security architecture, as recited in claim 1 . 

In view of the foregoing, it is respectfully submitted that even if the references 
could be hypothetic ally combined, Buteau, Ruffin, Baudoin, and McKenna would not 
disclose or hint at all elements of claim 1. Moreover, in view of the fact that none of the 
references provide any hint of the subject matter in the last clause of claim 1 (the 
"generate" clause), it is respectfully submitted that a person of ordinary skill in the art 
would not have been prompted to combine the teachings of the references to achieve the 
claimed subject matter. 

Therefore, the obviousness rejection of claim 1 is erroneous. 

Independent claim 12 was rejected as purportedly obvious over Buteau, Baudoin, 
and McKenna. For similar reasons as stated above, it is clear that the hypothetical 
combination of Buteau, Baudoin, and Ruffin would fail to disclose or hint at all elements 
of claim 12, including the "generate a plan" element of claim 12. Moreover, a person of 
ordinary skill in the art clearly would not have been prompted to combine the teachings 
of Buteau, Baudoin, and McKenna to achieve the subject matter of claim 12. 

Dependent claims, including newly added dependent claims 20 and 21, are 
allowable for at least the same reasons as corresponding independent claims. 

In view of the foregoing, allowance of all claims is respectfully requested. 
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The Commissioner is authorized to charge any additional fees and/or credit any 
overpayment to Deposit Account No. 08-2025 (200901639-1). 

Respectfully submitted, 



Date: October 9, 2009 /Dan C. Hu/ 

Dan C. Hu 

Registration No. 40,025 
TROP, PRUNER & HU, P.C. 
1616 South Voss Road, Suite 750 
Houston, TX 77057-2631 
Telephone: (713) 468-8880 
Facsimile: (713) 468-8883 
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